Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/B7yI0KK7rKzuDFF1BUB1992w2tA.roa
File:                     B7yI0KK7rKzuDFF1BUB1992w2tA.roa (raw, json)
Hash identifier:          Q39giqhcuEf16fHkH6yoqufZKIDYNeEL5/XFwYXS7yU=
Subject key identifier:   07:BC:88:D0:A2:BB:AC:AC:EE:0C:51:75:05:40:75:F7:DD:B0:DA:D0
Certificate issuer:       /CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
Certificate serial:       018A44E7028D1909CB84806DB89F150457E8
Authority key identifier: 87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/B7yI0KK7rKzuDFF1BUB1992w2tA.roa
Signing time:             Wed 30 Aug 2023 05:25:04 +0000
ROA not before:           Wed 30 Aug 2023 05:25:04 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     1901
IP address blocks:        194.152.160.0/19 maxlen: 19
                          195.230.32.0/19 maxlen: 19
                          213.240.64.0/18 maxlen: 18
                          212.124.128.0/19 maxlen: 19
                          195.64.0.0/19 maxlen: 19
                          212.60.160.0/19 maxlen: 19
                          212.88.0.0/19 maxlen: 19
                          212.197.128.0/18 maxlen: 18
                          213.157.128.0/19 maxlen: 19
                          195.170.64.0/19 maxlen: 19
                          194.166.0.0/16 maxlen: 16
                          212.16.32.0/19 maxlen: 19

Validation:               Failed, certificate revoked on Wed 13 Sep 2023 06:10:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:44:e7:02:8d:19:09:cb:84:80:6d:b8:9f:15:04:57:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=870c589a4f22a9ca2ff99b4c48f8bdf492871725
        Validity
            Not Before: Aug 30 05:25:04 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=07bc88d0a2bbacacee0c5175054075f7ddb0dad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:08:a8:ab:0c:95:f2:19:0b:00:8e:e4:7a:78:
                    f5:bb:e5:4e:b2:84:d7:50:50:7f:3e:0d:ad:33:e1:
                    b4:3b:5d:ee:d9:d1:ec:67:83:ee:e6:1b:d5:a3:65:
                    24:5e:3c:68:73:81:8c:1b:a5:b0:92:3b:b9:72:1a:
                    bd:ec:f9:7c:64:ed:10:0e:4f:a0:8e:e2:fe:f8:cf:
                    fb:9d:42:9b:32:a4:e8:59:a8:ae:1b:bd:8b:5e:98:
                    d9:af:fa:a6:be:58:35:3c:6c:d4:95:e8:b1:db:1e:
                    a6:81:a1:47:ec:03:59:de:e3:0a:e6:11:e7:f7:ca:
                    55:23:97:d0:f8:55:9d:4d:e9:e7:0b:11:7e:9c:75:
                    bd:92:fd:1e:90:50:fe:f7:e8:a1:b7:75:0c:93:92:
                    b3:f2:34:fa:ac:4b:7e:2c:5a:c6:12:7c:c7:1d:8f:
                    42:9b:c2:8c:94:f2:3e:5a:9e:70:86:09:f7:74:4d:
                    53:b4:37:34:a6:ed:12:c0:3b:9c:cc:11:7d:3d:6f:
                    2f:50:85:6c:3c:cd:6b:c9:6c:07:52:89:35:0b:f0:
                    4f:9b:5f:ad:34:34:30:80:3d:e9:bc:c8:f4:25:f3:
                    c0:2c:ce:51:a8:7d:e5:75:27:4d:67:03:e9:b1:a0:
                    d8:f4:6b:d3:80:79:83:a0:14:0e:cc:5b:d9:18:e1:
                    42:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:BC:88:D0:A2:BB:AC:AC:EE:0C:51:75:05:40:75:F7:DD:B0:DA:D0
            X509v3 Authority Key Identifier:
                keyid:87:0C:58:9A:4F:22:A9:CA:2F:F9:9B:4C:48:F8:BD:F4:92:87:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hwxYmk8iqcov-ZtMSPi99JKHFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/B7yI0KK7rKzuDFF1BUB1992w2tA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ad/f505b5-0e46-4b3f-bf1b-849d3a6b9c2d/1/hwxYmk8iqcov-ZtMSPi99JKHFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.152.160.0/19
                  194.166.0.0/16
                  195.64.0.0/19
                  195.170.64.0/19
                  195.230.32.0/19
                  212.16.32.0/19
                  212.60.160.0/19
                  212.88.0.0/19
                  212.124.128.0/19
                  212.197.128.0/18
                  213.157.128.0/19
                  213.240.64.0/18

    Signature Algorithm: sha256WithRSAEncryption
         ab:3b:d9:a1:b0:04:53:f8:23:10:64:60:75:96:08:be:f0:8f:
         e6:31:d9:e2:16:d1:76:08:2a:93:c3:aa:b8:eb:49:df:33:ab:
         33:2c:96:ef:36:34:bb:cb:3e:b7:88:3a:00:8f:e2:fd:d0:bb:
         ce:f6:d1:3c:4c:b2:a6:45:2d:4a:6e:f6:2d:3e:0f:dc:1d:c2:
         73:fd:c3:25:c6:f4:d2:cf:57:e7:c9:03:e5:60:fe:0d:28:91:
         f0:15:9b:5d:e0:cd:28:9a:88:a4:7a:bf:74:96:8f:77:a2:da:
         07:10:d7:ec:c0:85:a2:eb:4e:c7:20:a0:15:3c:ea:12:7b:4d:
         df:53:70:14:8f:58:6b:52:4e:f7:f0:44:25:92:58:07:5f:d6:
         20:29:0c:9d:b7:ed:b4:2c:1d:5e:ad:aa:f8:9d:5a:bb:5d:31:
         4b:26:c8:68:ed:49:29:82:49:02:9c:03:27:15:a3:16:26:8e:
         76:a8:46:79:89:eb:b4:74:d5:ab:cb:56:40:dd:ee:14:98:11:
         9e:32:54:69:bb:e4:d2:4f:a7:8e:a6:ca:5f:c3:7d:19:bc:9a:
         fb:c8:16:54:70:4a:7e:13:e5:15:66:54:6e:c9:a6:7d:ac:d9:
         74:46:34:85:d3:24:37:49:ed:da:d0:0e:66:33:9f:5e:b0:77:
         d1:b9:59:f5
-----BEGIN CERTIFICATE-----
MIIFPjCCBCagAwIBAgISAYpE5wKNGQnLhIBtuJ8VBFfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MGM1ODlhNGYyMmE5Y2EyZmY5OWI0YzQ4ZjhiZGY0OTI4
NzE3MjUwHhcNMjMwODMwMDUyNTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2JjODhkMGEyYmJhY2FjZWUwYzUxNzUwNTQwNzVmN2RkYjBkYWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0wioqwyV8hkLAI7kenj1u+VOsoTX
UFB/Pg2tM+G0O13u2dHsZ4Pu5hvVo2UkXjxoc4GMG6Wwkju5chq97Pl8ZO0QDk+g
juL++M/7nUKbMqToWaiuG72LXpjZr/qmvlg1PGzUleix2x6mgaFH7ANZ3uMK5hHn
98pVI5fQ+FWdTennCxF+nHW9kv0ekFD+9+iht3UMk5Kz8jT6rEt+LFrGEnzHHY9C
m8KMlPI+Wp5whgn3dE1TtDc0pu0SwDuczBF9PW8vUIVsPM1ryWwHUok1C/BPm1+t
NDQwgD3pvMj0JfPALM5RqH3ldSdNZwPpsaDY9GvTgHmDoBQOzFvZGOFC8QIDAQAB
o4ICSjCCAkYwHQYDVR0OBBYEFAe8iNCiu6ys7gxRdQVAdffdsNrQMB8GA1UdIwQY
MBaAFIcMWJpPIqnKL/mbTEj4vfSShxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWIt
ODQ5ZDNhNmI5YzJkLzEvQjd5STBLSzdyS3p1REZGMUJVQjE5OTJ3MnRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZC9mNTA1YjUtMGU0Ni00YjNmLWJmMWItODQ5ZDNhNmI5YzJk
LzEvaHd4WW1rOGlxY292LVp0TVNQaTk5SktIRnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGAGCCsGAQUFBwEHAQH/BFEwTzBNBAIAATBHAwQFwpigAwMA
wqYDBAXDQAADBAXDqkADBAXD5iADBAXUECADBAXUPKADBAXUWAADBAXUfIADBAbU
xYADBAXVnYADBAbV8EAwDQYJKoZIhvcNAQELBQADggEBAKs72aGwBFP4IxBkYHWW
CL7wj+Yx2eIW0XYIKpPDqrjrSd8zqzMslu82NLvLPreIOgCP4v3Qu8720TxMsqZF
LUpu9i0+D9wdwnP9wyXG9NLPV+fJA+Vg/g0okfAVm13gzSiaiKR6v3SWj3ei2gcQ
1+zAhaLrTscgoBU86hJ7Td9TcBSPWGtSTvfwRCWSWAdf1iApDJ237bQsHV6tqvid
WrtdMUsmyGjtSSmCSQKcAycVoxYmjnaoRnmJ67R01avLVkDd7hSYEZ4yVGm75NJP
p46myl/DfRm8mvvIFlRwSn4T5RVmVG7Jpn2s2XRGNIXTJDdJ7drQDmYzn16wd9G5
WfU=
-----END CERTIFICATE-----